Introduction
A high-severity vulnerability has been identified: SigPlus Pro ActiveX Control LCDWriteString() Method
HexString Parameter Overflow.
The Windows host has an ActiveX control that is vulnerable to a buffer overflow attack.
The SigPlus Pro ActiveX control, used for electronic signature integration with Topaz signature pads
and installed on the remote Windows host, is earlier than 3.95. A stack-based buffer overflow in such
versions reportedly allows execution of arbitrary code via an overly long value for the 'HexString'
argument to the 'LCDWriteString' method.
Solution
Upgrade to SigPlus Pro ActiveX version 3.95 or later, as that is reported to address this issue.
AMAG Response
SigPlus Pro issue - we supply v3.74 on our v8.1 installation disk, but the latest on the Topaz site is v4.4,
which is required to be in compliance.
https://www.topazsystems.com/pluginsappsindex.html
So to remain in compliance, you can look at downloading the latest version from the Topaz site and then
installing it at your site. The other thing you can do is remove the SigPlus Pro software if it is not
being used.